CVE-2024-2124

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as...

CVE-2025-10008

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

CVE-2025-10008 Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

EUVD-2025-36900

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

CVE-2025-10008

CVE-2025-10008 affects Translate WordPress and go Multilingual – Weglot plugin for WordPress. Root cause: missing capability check in clean_options, allowing unauthenticated deletion of limited transients (cached plugin options) in all versions up to and including 5.1. Impact: unauthorized data l...

CVE-2025-10008 Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

WordPress Weglot Translate plugin <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability

Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Weglot Translate versions = 5.1...

PT-2025-44371

Name of the Vulnerable Software and Affected Versions Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to and including 5.1 Description The software is susceptible to unauthorized data loss. This is due to a missing capability check within the clean options...

WordPress plugin Weglot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2024-27088

Malicious code in bioql PyPI...

CVE-2023-0832

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

CVE-2024-2124

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as...

CVE-2024-2124

CVE-2024-2124 (Weglot for WordPress) : Stored XSS in Translate WordPress and go Multilingual – Weglot due to insufficient input sanitization and output escaping on widget/block attributes (e.g., className). Affected versions: up to and including 4.2.5. Exploitation requires authenticated access a...

CVE-2024-2124

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as...

CVE-2024-2124 Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as...

WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...

WordPress Plugin Weglot Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Translate WordPress and go Multilingual – Weglot < 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Description The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such ...

PT-2024-18845 · WordPress · Weglot

Name of the Vulnerable Software and Affected Versions: Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to, and including, 4.2.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widget/block due to insufficient input sanitization a...

WordPress Weglot Translate Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 1.9 Fixed in 1.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d1c738b9210 Credits Rafie Muhammad Patchstack Required...